Page MenuHomeFreeBSD
Differential D53545

ifconfig: Fix invalid free() in ifbridge
ClosedPublic
Actions

Authored by ivy on Nov 3 2025, 5:28 AM.
Tags
None
Referenced Files
F146117027: D53545.diff
Fri, Feb 27, 11:16 PM
Unknown Object (File)
Thu, Feb 26, 5:44 AM
Unknown Object (File)
Mon, Feb 23, 7:17 AM
Unknown Object (File)
Sun, Feb 22, 5:52 AM
Unknown Object (File)
Wed, Feb 18, 5:39 AM
Unknown Object (File)
Fri, Jan 30, 12:14 AM
Unknown Object (File)
Jan 22 2026, 11:09 PM
Unknown Object (File)
Jan 14 2026, 1:19 PM
View All 39 Files
Subscribers
imp
zlei

Details

Reviewers
des
kevans
zlei
Group Reviewers
network
Commits
rG88c5a4996b90: ifconfig: Fix invalid free() in ifbridge
rGfe2e53443377: ifconfig: Fix invalid free() in ifbridge
rG0899f7a3b791: ifconfig: Fix invalid free() in ifbridge
Summary

parse_vlans() does 's = strdup(str)', then calls strsep(&s, ...), then
attempts to free(s) at the end of the function. For the success case,
this is fine (s is NULL, so it's a trivial memory leak), but in the
error case, we will attempt to free an invalid pointer.

Fix this by storing the original return value from strdup() and freeing
that instead.

Reported by: David Gwynne <dlg@openbsd.org>
MFC after: 3 days

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sbin/
ifconfig/
8 lines

Diff 165782

View Options

sbin/ifconfig/ifbridge.c

Loading...